Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BPF] Automatically adjust to actual max-entries when dumping conntra… #9704

Merged
merged 3 commits into from
Jan 22, 2025
Merged

[BPF] Automatically adjust to actual max-entries when dumping conntra… #9704

merged 3 commits into from
Jan 22, 2025

Conversation

ioworker0
Copy link
Contributor

@ioworker0 ioworker0 commented Jan 13, 2025
edited by tomastigera
Loading

Description

Previously, the conntrack map size would not dynamically adjust to the default value when dumping the conntrack map, even if the global Felix configuration was modified or the BPFMapSizeConntrackPerCPU feature (which is supposed to scale the map size based on the number of CPU cores) was enabled.

So, let's do some things to address this issue ~

Related issues/PRs

fixes #9651

Todos

  • Tests
  • Documentation
  • Release note

Release Note

ebpf: adjust the default value to the value from the actual map when dumping the conntrack map in calico-bpf

Reminder for the reviewer

Make sure that this PR has the correct labels and milestone set.

Every PR needs one docs-* label.

  • docs-pr-required: This change requires a change to the documentation that has not been completed yet.
  • docs-completed: This change has all necessary documentation completed.
  • docs-not-required: This change has no user-facing impact and requires no docs.

Every PR needs one release-note-* label.

  • release-note-required: This PR has user-facing changes. Most PRs should have this label.
  • release-note-not-required: This PR has no user-facing changes.

Other optional labels:

  • cherry-pick-candidate: This PR should be cherry-picked to an earlier release. For bug fixes only.
  • needs-operator-pr: This PR is related to install and requires a corresponding change to the operator.

@ioworker0 ioworker0 requested a review from a team as a code owner January 13, 2025 09:28
@marvin-tigera marvin-tigera added this to the Calico v3.30.0 milestone Jan 13, 2025
@marvin-tigera marvin-tigera added release-note-required Change has user-facing impact (no matter how small) docs-pr-required Change is not yet documented labels Jan 13, 2025
@ioworker0
Copy link
Contributor Author

@tomastigera

@tomastigera
Copy link
Contributor

/sem-approve

tomastigera
tomastigera requested changes Jan 13, 2025
View reviewed changes
Copy link
Contributor

@tomastigera tomastigera left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, some nits/tweaks, thanks

felix/cmd/calico-bpf/commands/conntrack.go Show resolved Hide resolved
felix/cmd/calico-bpf/commands/conntrack.go Outdated Show resolved Hide resolved
felix/cmd/calico-bpf/commands/conntrack.go Outdated Show resolved Hide resolved
@ioworker0
Copy link
Contributor Author

ioworker0 commented Jan 14, 2025
edited
Loading

LGTM, some nits/tweaks, thanks

Thanks a lot for taking time to review!

@ioworker0
Copy link
Contributor Author

LGTM, some nits/tweaks, thanks

Done ~

@ioworker0 ioworker0 requested a review from tomastigera January 14, 2025 02:32
tomastigera
tomastigera approved these changes Jan 15, 2025
View reviewed changes
Copy link
Contributor

@tomastigera tomastigera left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks

@tomastigera tomastigera added docs-not-required Docs not required for this change and removed docs-pr-required Change is not yet documented labels Jan 15, 2025
@tomastigera
Copy link
Contributor

/sem-approve

@ioworker0
Copy link
Contributor Author

/sem-approve

Oops ;(

We've added a ver flag to commands, so we longer need docopt to parse it.

@tomastigera
Copy link
Contributor

/sem-approve

@tomastigera
Copy link
Contributor

There seems to be some issue with creating --ver=2 map, it breaks one test, see https://tigera.semaphoreci.com/jobs/9660d5a8-3f05-44a8-842c-1363d5fba628/artifacts/test-7.log

You can run the test locally from calico/felix directory by invoking make fv-bpf GINKGO_FOCUS="Felix bpf test conntrack map upgrade.*should upgrade conntrack entries from v2 to v3" 2>&1 | tee fv.log

• Failure [4.449 seconds]
_BPF-SAFE_ Felix bpf test conntrack map upgrade (etcdv3 backend)
/go/src/github.com/projectcalico/calico/felix/fv/infrastructure/datastore_describe.go:40
  should upgrade conntrack entries from v2 to v3 [It]
  /go/src/github.com/projectcalico/calico/felix/fv/bpf_map_upgrade_test.go:63

  Command failed
  Command: docker args: [exec felix-0-35797-477-felixfv calico-bpf conntrack create --ver=2]
  Output:
  
  time="2025-01-16T21:21:32Z" level=fatal msg="Failed to get ConntrackMap" func="github.com/projectcalico/calico/felix/cmd/calico-bpf/commands.(*conntrackCreateCmd).Run" file="/go/src/github.com/projectcalico/calico/felix/cmd/calico-bpf/commands/conntrack.go:470" error="failed to access conntrack Map"

@ioworker0
Copy link
Contributor Author

ioworker0 commented Jan 18, 2025
edited
Loading

Sorry for the late response, I was tied up with work ;(

There seems to be some issue with creating --ver=2 map, it breaks one test, see https://tigera.semaphoreci.com/jobs/9660d5a8-3f05-44a8-842c-1363d5fba628/artifacts/test-7.log

You can run the test locally from calico/felix directory by invoking make fv-bpf GINKGO_FOCUS="Felix bpf test conntrack map upgrade.*should upgrade conntrack entries from v2 to v3" 2>&1 | tee fv.log

Ah, I see~

The mistake I made was thinking that the logic for creating a new conntrack map required adding a new step to adjust the size. But, this change broke one of the tests.

So, to fix this, let's revert to the original behavior.

• Failure [4.449 seconds]
_BPF-SAFE_ Felix bpf test conntrack map upgrade (etcdv3 backend)
/go/src/github.com/projectcalico/calico/felix/fv/infrastructure/datastore_describe.go:40
  should upgrade conntrack entries from v2 to v3 [It]
  /go/src/github.com/projectcalico/calico/felix/fv/bpf_map_upgrade_test.go:63

  Command failed
  Command: docker args: [exec felix-0-35797-477-felixfv calico-bpf conntrack create --ver=2]
  Output:
  
  time="2025-01-16T21:21:32Z" level=fatal msg="Failed to get ConntrackMap" func="github.com/projectcalico/calico/felix/cmd/calico-bpf/commands.(*conntrackCreateCmd).Run" file="/go/src/github.com/projectcalico/calico/felix/cmd/calico-bpf/commands/conntrack.go:470" error="failed to access conntrack Map"

It has now passed locally with the new commit ;)

Thanks again for your help!

@tomastigera
Copy link
Contributor

/sem-approve

@ioworker0
Copy link
Contributor Author

/sem-approve

Is seems like just a flake with a 404 status code occurred.

Would you please re-run the CI?

@ioworker0 @tomastigera
[BPF] Automatically adjust to actual max-entries when dumping conntra…
0aec22a 
…ck map

Let's automatically adjust the default value to match the actual max_entries
value retrieved from the conntrack map when dumping its entries.

Suggested-by: Tomas Hruby <tomas@tigera.io>
Signed-off-by: Mingzhe Yang <mingzhe.yang@ly.com>
Signed-off-by: Lance Yang <ioworker0@gmail.com>
@ioworker0 @tomastigera
[BPF] Fix --ver mapping error
2a5f085
@ioworker0 @tomastigera
[BPF] Skip map size adjustment when creating new conntrack map
b7d72a0
@tomastigera
Copy link
Contributor

/sem-approve

@tomastigera tomastigera merged commit 232b72f into projectcalico:master Jan 22, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomastigera tomastigera tomastigera approved these changes

Assignees
No one assigned
Labels
docs-not-required Docs not required for this change release-note-required Change has user-facing impact (no matter how small)
Projects
None yet
Milestone
Calico v3.30.0
Development

Successfully merging this pull request may close these issues.

[BPF] failed to dump the conntrack table
3 participants
@ioworker0 @tomastigera @marvin-tigera